ZPrize Came To An End! Who And How Did They Win $500,000?

Back in August 2023, zkSecurity announced that it was partnering with ZPrize to organize their third prize 🏆, which was to produce the fastest proofs of valid ECDSA signatures. The results surprised us all, and we ended up choosing not one, but two winners with two very different approaches! We just announced the results last week 📣, so keep reading to learn more about who won, how they won, and how we split the $500,000 prize!

Public report of Lighter ZK circuits

Our team worked in collaboration with Lighter to review their custom ZK circuits for verifiable orderbook matching. The code was found to be solid and well-organized. It was a pleasure working with Lighter’s engineers, who were highly cooperative. You can read the full report here. The rest of this post includes a copy/paste of the overview section of the report.

Overview of the Lighter circuit

Lighter is an exchange implemented as a Layer 2 (L2), as its state transitions are verified and finalized on a Layer 1 (L1).

Partnership with StarkWare

We are collaborating with StarkWare on the EVM adapter, an open-source verification adapter on Ethereum, currently tailored for Cairo bootloader proofs. At its core, it transforms a proof generated by the Stone Prover into a format that can be verified on Ethereum. The Cairo bootloader program serves as a prime example of the flexibility and usability for Layer 2 scaling offered by StarkWare technology. StarkNet uses this bootloader program to execute and batch-verify transactions from various Cairo programs, thereby achieving scalability without requiring architectural changes.

Public report of Darkfi circuits and crypto audit

In the week from February 12th to February 16th 2024, zkSecurity performed a security audit of Darkfi’s built-in contracts and circuits. The audit was performed on the public darkfi repository. You can find the full report here.

zkBank: you think you have what it takes to work at zkSecurity?

We’re always on the lookout for passionate people to join us to work on the most exciting projects in the ZK space. If you love finding bugs and are interested in ZK, you might want to take our new challenge: zkBank. This challenge is for everyone, and you’ll have to learn a bit of everything to solve it. If you think you have what it takes, then give it a go: https://github.

SoK: What don’t we know? Understanding Security Vulnerabilities in SNARKs

We just released a systematization of knowledge (SoK) whitepaper in collaboration with Imperial College London, the Technical University of Munich, the Ethereum Foundation, the Scroll Foundation, and Matter Labs. The study goes through hundreds of ZK vulnerabilities to categorize them and understand their root causes. We also provide a comprehensive list of mitigation strategies and best practices to avoid these vulnerabilities. The paper is currently available on arXiv.

zkBitcoin: Use Zero-Knowledge Applications (zkapps) on Bitcoin

In collaboration with Σ0, we released a new primitive called zkBitcoin, which allows for the creation of zero-knowledge applications (zkapps) on Bitcoin via a minimal layer 2 protocol that uses Bitcoin as a data availability layer and a committee of participants to perform threshold signatures. This is a significant milestone for the Bitcoin ecosystem, as it augments the capability of the Bitcoin scripting language, allowing for larger and more complex applications.

Public report of Aleo's consensus (Bullshark)

On October 9th, 2023, zkSecurity was tasked to audit Aleo’s consensus for use in the Aleo blockchain. Two consultants worked over the next 3 weeks to review Aleo’s codebase for security issues. The code was found to be thoroughly documented and of high quality. In addition, the team acted in a highly cooperative way and was key in helping us find a number of the issues in this report.

Public report of Aleo's synthesizer

On September 11th, 2023, zkSecurity was tasked to audit Aleo’s synthesizer for use in the Aleo blockchain. Two consultants worked over the next 3 weeks to review Aleo’s codebase for security issues. The code was found to be thoroughly documented, rigorously tested, and well specified. A number of findings were reported. You can find the full report here. The report was well received by the Aleo team: What follows is a copy/paste of the overview section of the report

Public report of Sui's zkLogin audit

The Sui Foundation just released our public report on an audit of their zkLogin application. You can read it here. As we noted in our report, the code was found to be thoroughly documented, rigorously tested, and well specified. What follows is a copy of parts of the report’s content.

Overview of zkLogin

This section provides a simplified overview of the zkLogin application. zkLogin is a new way of authenticating users in Sui.